Threat Actors Deliver IcedID Malware Via Contact Forms


Attackers are abusing legitimate corporate contact forms to deliver phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.

IcedID is a banking Trojan first discovered in 2017 and later updated to deploy second-stage malware payloads, including Qakbot, Trickbot, and Ryuk ransomware.
The Microsoft 365 Defender Threat Intelligence Team recently detected this phishing campaign, which appears to have found a way around the CAPTCHA protection on contact forms in order to bombard enterprises with phishing messages.

Microsoft threat intelligence analysts Justin Carroll and Emily Hacker observed “an influx of contact form emails targeted at enterprises by means of abusing companies’ contact forms.”

To read more: BleepingComputer